Manually Installing phpMyAdmin (Ubuntu 18.04)

Sometimes installing phpMyAdmin manually, as opposed to using apt, is necessary. This might be because you're using MySQL 8 and/or PHP 7 and the version provided by Ubuntu's apt repository either won't install or won't function with this setup. You also may just want the latest version for the virtues that come with staying up-to-date. Whatever the reason, this tutorial will run you through the basic process of doing so.

The server I'm using is running Ubuntu 18.04 (though this tutorial will likely need little to no revision for previous versions), Apache 2.4.37, MySQL 8.0.13, and PHP 7.2.14. The latest version of phpMyAdmin at the time of writing is 4.8.4.

Download and Install

After logging into your server, change directory to /usr/share (the traditional place for phpMyAdmin to be stored) and download the files:

$ cd /usr/share
$ sudo wget https://files.phpmyadmin.net/phpMyAdmin/4.8.4/phpMyAdmin-4.8.4-all-languages.zip

If there's a newer version available than 4.8.4 (you can on their website), then change the link above to suit.

Now we need to unzip the files. The easiest way to do this is to use the unzip tool:

$ sudo apt install unzip
$ sudo unzip phpMyAdmin-4.8.4-all-languages.zip

Next move the unzipped folder to the traditional phpMyAdmin directory and clean up the original zip file:

$ sudo mv phpMyAdmin-4.8.4-all-languages phpmyadmin
$ sudo rm phpMyAdmin-4.8.4-all-languages.zip

Finally, give ownership of the directory to www-data (the group used by Apache/PHP) and give appropriate permissions:

$ sudo chown -R www-data: phpmyadmin
$ sudo chmod -R 744 phpmyadmin

Configuring phpMyAdmin

There's a small amount of configuration necessary on phpMyAdmin itself. First, copy the sample config file, which we'll use as the basis of our actual one, then, open the config file:

$ sudo cp phpmyadmin/config.sample.inc.php phpmyadmin/config.inc.php
$ sudo nano phpmyadmin/config.inc.php

Find the line that has $cfg['blowfish_secret'] = ''; (it should be close to the top). The blowfish secret is a unique value for your instance of phpMyAdmin used for security purposes. We need a random string 32 characters in length. There are several pages which generate these for you, this one is the one I prefer since it specifies it sources it randomness from /dev/urandom (without going into detail, a good thing). Once you have your value, copy it into the blowfish_secret field, then save and exit by pressing Ctrl+X, Y, then enter.

Configuring Apache

To allow web access, we need to add an Apache configuration file for phpMyAdmin:

$ sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Copy the configuration below into this file:

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride all
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/setup>
    Require all denied
</Directory>

<Directory /usr/share/phpmyadmin/libraries>
    Require all denied
</Directory>

This does the following:

  • Allows access via the /phpmyadmin alias.
  • Allows access to the folder itself and .htaccess files within it.
  • Disallows access to sensitive file directories.

Finally, enable and apply this configuration:

$ sudo a2enconf phpmyadmin
$ sudo systemctl reload apache2

MySQL 8 notes

If you're using MySQL 8, phpMyAdmin's support for it at present isn't ideal. For one, I've found that creating users doesn't work from within it, throwing syntax errors, so that'll likely something you need to do manually from the command line.

More importantly, if you have chosen to use MySQL 8's new authentication plugin caching_sha2_password, you'll need a user which uses the traditional mysql_native_password instead to login in to phpMyAdmin. You can create such a user by logging in via the command line (mysql -u root -p) and executing the following:

CREATE USER 'newuser'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Securing phpMyAdmin

There's a couple basic steps you can take to further secure your phpMyAdmin installation. Note these aren't mandatory, but are recommended.

The first is to change the alias by which phpMyAdmin is accessed from /phpmyadmin to something else (by editing the phpmyadmin.conf file we created earlier). This will drastically reduce the chances that someone will find the location of your phpMyAdmin login page.

The other is to employ "basic authentication", which in practice is just a user/password prompt upon attempting to access the page. Assuming you're still in the /usr/share directory, create a .htaccess file for phpmyadmin:

$ sudo nano phpmyadmin/.htaccess

Copy the following into it:

AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

AuthName controls the text that appears to the user with the user/password prompt and AuthUserFile specifies where the user/password definition is held; you can customise either if you wish.

Then create the user/password combination:

$ sudo mkdir -p /etc/phpmyadmin
$ sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
New password:
Re-type new password:
Adding password for user username

Finally, reload Apache to activate the changes:

$ sudo systemctl reload apache2

Conclusion

By this point you should be greeted by the phpMyAdmin login page when you navigate to the alias you specified. If you can login, you've successfully installed phpMyAdmin.